Trends expected to develop in the cybersecurity space in 2022

2021 has been a year of widespread uncertainty across the globe, especially for those in the cybersecurity space as cybercriminals ramped up their attack methods, particularly targeting the healthcare sector. CISOs, among many others, are hoping that 2022 will bring a year of certainty and growth and are predicting what the next 12 months will have in store.  

To give some idea, the National Cyber Security Centre (NCSC), a part of GCHQ, has released its National Cyber Strategy 2022, which sets out how the government will protect the UK from cyber threats and promote UK interests in a rapidly evolving online world.

Focusing specifically on logistics, finance, space and supply chain, Derek Manky, Chief Security Insights & Global Threat Alliances, FortiGuard Labs, believes we will see attacks spanning further outside of the extended network, even into space, as attackers take advantage of a fragmented perimeter, siloed teams and tools as well as a greatly expanded attack surface.

“These threats will leave overwhelmed IT teams scrambling to cover every possible avenue of attack,” said Manky. “To combat these evolving threats, organisations need to adopt a Security Fabric platform founded on a cybersecurity mesh architecture.

“Hijacking wire transfers has become increasingly difficult for cybercriminals as financial institutions encrypt transactions and require Multi-Factor Authentication (MFA),” he continued. “Digital wallets, on the other hand, can sometimes be less secure. While individual wallets may not have as big a payoff, this could change in 2022 as businesses begin to increasingly rely on digital wallets as currency for online transactions.”

Manky predicts that we can also expect to see new proof-of-concept (POC) threats targeting satellite networks over the next year as satellite-based Internet access continues to grow. “The biggest targets will be organisations that rely on satellite-based connectivity to support low-latency activities, like online gaming or delivering critical services to remote locations, as well as remote field offices, pipelines, or cruises and airlines. This will also expand the potential attack surface as organisations add satellite networks to connect previously off-grid systems, such as remote OT devices, to their interconnected networks. In many networks, Linux runs the backend computing systems, and until recently, it has not been a primary target of the cybercriminal community, but we anticipate this to pick up in 2022.

“In the supply chain industry, new malicious binaries have been detected targeting Microsoft’s WSL (Windows Subsystem for Linux), which is a compatibility layer for running Linux binary executables natively on Windows 10, Windows 11 and Windows Server 2019. In addition, botnet malware is already being written for Linux platforms. This further expands the attack surface into the core of the network and increases the threats that need to be defended in general. This has ramifications for Operational Technology (OT) devices and supply chains in general that run on Linux platforms,” said Manky.

Manky suggests that defenders plan ahead now by leveraging the power of AI and Machine Learning (ML) to speed threat prevention, detection and response.

Lior Div, Co-founder and CEO at Cybereason

For our 2022 predictions, we wanted to go beyond the usual hot topics and buzzwords lists that normally pass for insights. While it’s important for our customers to prepare for more of the same when it comes to things like skills gaps and the use of cloud and AI in cybersecurity, we believe they don’t need domain experts to inform them of the obvious. We prefer to focus on the future shape of the threat landscape and what current threat research tells us about risks that may be just over the horizon.

RansomOps replaces ransomware

Ransomware has swept the region anew since the pandemic created more complexity in infrastructure and a disconnect between remote-working employees and the IT function. According to recent Cybereason research, 63% of UAE businesses paid bad actors between US$350,000 and US$1.4 million following ransomware incursions in the two years prior to June 2021. 

Relatively simple repurposed malware strains have been replaced by RansomOps. Cartels like REvil, Conti and DarkSide are conducting comprehensive campaigns in which the payload is just the final link in an attack chain. Against this backdrop, 2022 will demand a refocusing of anti-ransomware tactics away from the encrypting malware itself and onto the Indicators of Behavior (IOBs) associated with RansomOps, allowing the defending organisation to circumvent encryption entirely.

Supply chain attacks will reach further

Cybereason research into espionage campaigns such as DeadRinger and GhostShell reveals different approaches to the well-known SolarWinds incident, with similar outcomes. By gaining access to telecommunications providers, state actors were able to monitor communications for customers of those operators.

In 2022, criminal gangs will adopt the successful strategies of the state actors seen in DeadRinger and GhostShell. This will likely lead to a reassessment of risk profiles by companies that are suppliers of digital services, as well as similar reassessments by their customers of how to establish trust in their supplier.

The Microsoft risk

Microsoft’s dominant role in the OS, cloud and applications market means much of the cybersecurity threat domain is focused on the company’s offerings. As more and more organisations migrate to Microsoft environments, understanding the risks will be essential.

Lines blurring between cybersecurity and national security

In 2022, criminal and state actors will likely collaborate and align objectives for optimal impact. In response, regional governments are likely to escalate their preparedness strategies through entities such as the Computer Emergency Response Team for the UAE (aeCERT) and Saudi Arabia’s National Cybersecurity Authority (NCA).

Standardisation of XDR

Hybrid work models, 5G rollouts and the increased experimentation with IoT will lead to a connected world that will be difficult to protect. However, the productivity and convenience benefits of the technologies it provides will ensure its prevalence and therefore demand measures such as Extended Detection and Response (XDR).

While the cybersecurity industry is in broad agreement on its importance, there is not a uniform definition on what XDR does or should do. In 2022, when clear leaders in the XDR field have been established, the role AI should play in cybersecurity will become more defined.

Vincent Berk, CTO and Chief Security Architect, Riverbed | Aternity

Enterprises will struggle to address man-made complexities

We are only now starting to recognise that network security requirements have driven a high level of complexity. We are just scratching the surface and I predict that 2022 and 2023 will be when enterprises will start to realise the complexities that have been created and there will be a significant struggle to address them.

Data alone is not king, it’s what you do with it that matters

It’s no longer what data you collect, it’s how you put all these pieces together to understand what’s slowing down your network. I predict that enterprises are going to become a victim of data deluge and organisations will be actively working to solve this problem. Software companies that collect the most diverse data will be in the best position to accurately identify the root cause of network slowdowns.

Security shifts to the user

With the Metaverse, computing is becoming very personal and the vector is increasingly the connected individual, not the enterprise security. In this model, the user is the weak link and will increasingly be targeted to gain access to credentials. In 2022, we will see enterprises focus on trying to better secure the end-user or allow them to better secure themselves. This will force a shift in enterprise spending to focus on personal security.

2022 will become the year of unplugging

Interconnectedness has become a recurring theme. I predict we will see more and more security companies focusing on controlling connected cloud services (for example Slack and Jira). And end-users will contemplate if all this interconnectedness between their personal and professional lives is smart – and worth introducing security holes into our lives. Next year, we predict a mass move to ‘unplugging’.

Hadi Jaafarawi, Managing Director – Middle East, Qualys

We can at least hope that 2022 is the year when we put the pandemic behind us. But where the notion of a COVID-free world may at least be possible, the thought of one without cyberthreat actors is, sadly, unrealistic. The Arab Gulf region will see many changes over the next 12 months as organisations continue the fight to secure their perimeters. Here are the highlights.

The decline of cyber insurance

A 2020 KPMG survey revealed 73% of UAE businesses to be investing in cybersecurity to some degree as the result of a surge in incidents. There are now strong indicators that some of this investment may go towards insurance, even as the quality of coverage declines. Citing the COVID-19-related surge in cyberattacks across the country, international law firm Norton Rose Fulbright recently predicted a surge in UAE enterprises’ interest in cyber-insurance and a corresponding change in policy design, with clauses on cybersecurity making their way into property and liability coverage throughout the following year.

But in 2022, we can expect the customers of cyber-insurance providers to reevaluate the effectiveness of such clauses.

Integration rather than consolidation

When the region rushed towards the cloud in 2020, the complexity of the hybrid environments that followed made ‘consolidation’ even more alluring. The truth is security tools specialise in different areas and comprehensive threat postures mean using multiple solutions. But there is still a need to integrate tools effectively to achieve a level of visibility that allows tight control over the digital environment. As research on this area progresses, we are discovering that the more tools that are deployed, the less effective a security team may become in detecting threats.

In 2022, expect to see a greater emphasis on integration. CISOs will concentrate on the fundamentals by using the right tools to automate basic tasks, such as upgrades and patching, while freeing up security professionals for more strategic endeavors.

The unifying of OT and IT security

The risk to physical equipment has been apparent in the region for years. Not only have petrochemical companies here long been the targets of threat actors, but the Colonial Pipeline incident in the US served as a stark lesson to organisations that use any solution that exposes physical machinery to the lawlessness of the public Internet. 2022 will be the year when a single CISO becomes responsible for OT and IT security.

OT security playing catch-up with IT security

The aforementioned merging of OT and IT security cannot come soon enough. OT infrastructure is notoriously behind other software-enabled business functions when it comes to security. Between the less-than-optimal account policies and the slew of unpatched vulnerabilities in OT assets, the new umbrella CISO will have a lot of challenges to overcome to prepare physical infrastructure for the modern threat landscape.

With the region being first to the plate on 5G, IoT solutions will soon be available that were previously inviable. Adopting such solutions will be key to competitive survival in 2022 and beyond, so air-gapping OT environments is not an option.
